@neyugn/agent-kits 0.5.0 → 0.5.3

package/kits/coder/skills/accessibility-patterns/SKILL.md

@@ -8,19 +8,27 @@ priority: MEDIUM
 
 # Accessibility Patterns - Inclusive Design Excellence
 
-> **Philosophy:** Accessibility is not a feature, it's a fundamental requirement. Design for everyone from the start.
+## ⚡ Quick Reference
+
+- **Semantic HTML**: `<button>` not `<div onClick>` · `<nav>` `<main>` `<aside>` · `<h1>` → `<h6>` hierarchy
+- **ARIA**: Use only when semantic HTML insufficient · `aria-label` for icon buttons · `aria-live` for dynamic content
+- **Keyboard**: All actions reachable via keyboard · Tab order logical · Focus visible always · `Escape` closes modals
+- **Color**: 4.5:1 contrast ratio (normal text) · 3:1 (large text) · Never color as only indicator
+- **Images**: `alt` always · Empty `alt=""` for decorative · Describe the function not appearance
+- **Forms**: Label every input (`for`/`htmlFor`) · Error messages linked with `aria-describedby` · Required marked
+
+---
+
 
 ---
 
 ## 🎯 Core Principles
 
-| Principle           | Rule                                          |
-| ------------------- | --------------------------------------------- |
-| **Perceivable**     | Information must be presentable to all senses |
-| **Operable**        | UI must be operable by all users              |
-| **Understandable**  | Information and UI must be understandable     |
-| **Robust**          | Content must work with assistive technologies |
-| **Inclusive First** | Build accessibility in, don't bolt it on      |
+- **Perceivable**: Information must be presentable to all senses
+- **Operable**: UI must be operable by all users
+- **Understandable**: Information and UI must be understandable
+- **Robust**: Content must work with assistive technologies
+- **Inclusive First**: Build accessibility in, don't bolt it on
 
 ```
 ❌ WRONG: Build first, add accessibility later
@@ -84,13 +92,11 @@ priority: MEDIUM
 
 ### Focus Management
 
-| Rule                        | Implementation                    |
-| --------------------------- | --------------------------------- |
-| All interactive elements    | Must be focusable via Tab         |
-| Logical focus order         | Match visual reading order        |
-| Visible focus indicators    | Never `outline: none` without alt |
-| Focus trapping in modals    | Tab loops within modal            |
-| Return focus on modal close | Focus returns to trigger element  |
+- All interactive elements: Must be focusable via Tab
+- Logical focus order: Match visual reading order
+- Visible focus indicators: Never `outline: none` without alt
+- Focus trapping in modals: Tab loops within modal
+- Return focus on modal close: Focus returns to trigger element
 
 ### Focus Indicator Pattern
 
@@ -137,14 +143,12 @@ button:focus:not(:focus-visible) {
 
 ### Semantic HTML
 
-| Use                 | Not                     |
-| ------------------- | ----------------------- |
-| `<button>`          | `<div onclick>`         |
-| `<a href>`          | `<span onclick>`        |
-| `<nav>`             | `<div class="nav">`     |
-| `<main>`            | `<div class="main">`    |
-| `<header>/<footer>` | `<div class="header">`  |
-| `<article>`         | `<div class="article">` |
+- `<button>`: `<div onclick>`
+- `<a href>`: `<span onclick>`
+- `<nav>`: `<div class="nav">`
+- `<main>`: `<div class="main">`
+- `<header>/<footer>`: `<div class="header">`
+- `<article>`: `<div class="article">`
 
 ### ARIA Usage Guidelines
 
@@ -172,11 +176,9 @@ button:focus:not(:focus-visible) {
 <div role="alert" aria-live="assertive">Error: Unable to save changes</div>
 ```
 
-| aria-live Value | Use Case                            |
-| --------------- | ----------------------------------- |
-| `polite`        | Non-urgent updates (search results) |
-| `assertive`     | Urgent (errors, alerts)             |
-| `off`           | Don't announce                      |
+- `polite`: Non-urgent updates (search results)
+- `assertive`: Urgent (errors, alerts)
+- `off`: Don't announce
 
 ---
 
@@ -216,11 +218,9 @@ button:focus:not(:focus-visible) {
 
 ### Form Validation Pattern
 
-| When      | What                                    |
-| --------- | --------------------------------------- |
-| On submit | Announce error count, focus first error |
-| On blur   | Validate individual field               |
-| On fix    | Clear error, don't re-announce success  |
+- On submit: Announce error count, focus first error
+- On blur: Validate individual field
+- On fix: Clear error, don't re-announce success
 
 ---
 
@@ -228,12 +228,10 @@ button:focus:not(:focus-visible) {
 
 ### Alt Text Guidelines
 
-| Image Type        | Alt Text                       |
-| ----------------- | ------------------------------ |
-| Informative       | Describe content and purpose   |
-| Decorative        | `alt=""` (empty)               |
-| Functional (link) | Describe destination/action    |
-| Complex (chart)   | Brief alt + longer description |
+- Informative: Describe content and purpose
+- Decorative: `alt=""` (empty)
+- Functional (link): Describe destination/action
+- Complex (chart): Brief alt + longer description
 
 ```html
 <!-- Informative -->
@@ -251,12 +249,10 @@ button:focus:not(:focus-visible) {
 
 ### Video Accessibility
 
-| Requirement     | Solution                     |
-| --------------- | ---------------------------- |
-| Deaf users      | Captions (synchronized text) |
-| Blind users     | Audio descriptions           |
-| Deafblind users | Transcript                   |
-| Seizure safety  | No flashing >3 times/second  |
+- Deaf users: Captions (synchronized text)
+- Blind users: Audio descriptions
+- Deafblind users: Transcript
+- Seizure safety: No flashing >3 times/second
 
 ---
 
@@ -264,12 +260,10 @@ button:focus:not(:focus-visible) {
 
 ### Touch Target Size
 
-| Standard        | Minimum Size |
-| --------------- | ------------ |
-| WCAG 2.2 AA     | 24x24px      |
-| WCAG 2.2 AAA    | 44x44px      |
-| Apple HIG       | 44x44pt      |
-| Material Design | 48x48dp      |
+- WCAG 2.2 AA: 24x24px
+- WCAG 2.2 AAA: 44x44px
+- Apple HIG: 44x44pt
+- Material Design: 48x48dp
 
 ### Spacing Between Targets
 
@@ -287,38 +281,32 @@ button:focus:not(:focus-visible) {
 
 ### Automated Testing
 
-| Tool             | Use Case                            |
-| ---------------- | ----------------------------------- |
-| **axe DevTools** | Browser extension, CI integration   |
-| **Lighthouse**   | Chrome DevTools, performance + a11y |
-| **WAVE**         | Browser extension, visual feedback  |
-| **pa11y**        | CLI tool for CI/CD                  |
-| **jest-axe**     | Unit test accessibility assertions  |
+- **axe DevTools**: Browser extension, CI integration
+- **Lighthouse**: Chrome DevTools, performance + a11y
+- **WAVE**: Browser extension, visual feedback
+- **pa11y**: CLI tool for CI/CD
+- **jest-axe**: Unit test accessibility assertions
 
 ### Manual Testing
 
-| Test           | How                                  |
-| -------------- | ------------------------------------ |
-| Keyboard only  | Unplug mouse, navigate with Tab      |
-| Screen reader  | VoiceOver (Mac), NVDA/JAWS (Windows) |
-| Zoom 200%      | Browser zoom, check layout           |
-| Color contrast | Use contrast checker tools           |
-| Motion reduced | Test `prefers-reduced-motion`        |
+- Keyboard only: Unplug mouse, navigate with Tab
+- Screen reader: VoiceOver (Mac), NVDA/JAWS (Windows)
+- Zoom 200%: Browser zoom, check layout
+- Color contrast: Use contrast checker tools
+- Motion reduced: Test `prefers-reduced-motion`
 
 ---
 
 ## 🚨 Anti-Patterns
 
-| ❌ Don't                         | ✅ Do                               |
-| -------------------------------- | ----------------------------------- |
-| `outline: none` without alt      | Custom focus with adequate contrast |
-| Color-only indicators            | Multiple visual cues                |
-| Generic link text ("click here") | Descriptive link text               |
-| Auto-playing media               | User-controlled playback            |
-| Time limits without extension    | Allow time extension or removal     |
-| Mouse-only interactions          | Keyboard equivalent for all actions |
-| Missing form labels              | Associated labels or aria-label     |
-| Small touch targets              | Minimum 44x44 touch targets         |
+- `outline: none` without alt: Custom focus with adequate contrast
+- Color-only indicators: Multiple visual cues
+- Generic link text ("click here"): Descriptive link text
+- Auto-playing media: User-controlled playback
+- Time limits without extension: Allow time extension or removal
+- Mouse-only interactions: Keyboard equivalent for all actions
+- Missing form labels: Associated labels or aria-label
+- Small touch targets: Minimum 44x44 touch targets
 
 ---
 
@@ -360,12 +348,10 @@ button:focus:not(:focus-visible) {
 
 ## 🔗 Related Skills
 
-| Need               | Skill                   |
-| ------------------ | ----------------------- |
-| SEO implementation | `seo-patterns`          |
-| Frontend design    | `frontend-design`       |
-| UX research        | UX researcher agent     |
-| Performance        | `performance-profiling` |
+- SEO implementation: `seo-patterns`
+- Frontend design: `frontend-design`
+- UX research: UX researcher agent
+- Performance: `performance-profiling`
 
 ---
 

package/kits/coder/skills/ai-rag-patterns/SKILL.md

@@ -7,19 +7,27 @@ version: 2.0
 
 # AI RAG Patterns - Retrieval-Augmented Generation
 
-> **Philosophy:** Retrieval quality determines generation quality. Garbage in, garbage out.
+## ⚡ Quick Reference
+
+- **Chunking**: 512-1024 tokens optimal · Overlap 20% · Respect document boundaries (headings)
+- **Embeddings**: `text-embedding-3-small` for cost · `text-embedding-3-large` for quality · Normalize vectors
+- **Vector DB**: Pinecone (managed) · Pgvector (Postgres) · Chroma (local) · Weaviate (hybrid)
+- **Retrieval**: Top-k=5-10 · Reranker improves precision · Hybrid (dense+sparse) for best recall
+- **Prompt**: System prompt + context + query · Cap context < model limit - response buffer
+- **Evaluation**: Faithfulness · Answer relevancy · Context recall · Use RAGAS for metrics
+
+---
+
 
 ---
 
 ## When to Use This Skill
 
-| ✅ Use                           | ❌ Don't Use                  |
-| -------------------------------- | ----------------------------- |
-| Building Q&A over documents      | Pure generative tasks         |
-| Semantic search implementation   | Dataset too small (<100 docs) |
-| Reducing LLM hallucinations      | Data privacy restrictions     |
-| Domain-specific knowledge access | Simple keyword search         |
-| Document processing pipelines    | Real-time streaming data      |
+- Building Q&A over documents: Pure generative tasks
+- Semantic search implementation: Dataset too small (<100 docs)
+- Reducing LLM hallucinations: Data privacy restrictions
+- Domain-specific knowledge access: Simple keyword search
+- Document processing pipelines: Real-time streaming data
 
 ---
 
@@ -403,15 +411,13 @@ langchain.llm_cache = RedisSemanticCache(
 
 ## Anti-Patterns
 
-| ❌ Don't                       | ✅ Do                               |
-| ------------------------------ | ----------------------------------- |
-| Fixed-size chunking only       | Semantic chunking + structure-aware |
-| Pure vector search             | Hybrid search (dense + sparse)      |
-| Use first retrieval results    | Rerank before generation            |
-| Same embedding for all content | Evaluate per content type           |
-| Cram max context into prompt   | Use relevance thresholds            |
-| Measure only final answer      | Evaluate retrieval separately       |
-| Ignore metadata                | Add rich metadata for filtering     |
+- Fixed-size chunking only: Semantic chunking + structure-aware
+- Pure vector search: Hybrid search (dense + sparse)
+- Use first retrieval results: Rerank before generation
+- Same embedding for all content: Evaluate per content type
+- Cram max context into prompt: Use relevance thresholds
+- Measure only final answer: Evaluate retrieval separately
+- Ignore metadata: Add rich metadata for filtering
 
 ---
 
@@ -432,12 +438,10 @@ Before deployment:
 
 ## Related Skills
 
-| Need                 | Skill                |
-| -------------------- | -------------------- |
-| LLM prompt design    | `prompt-engineering` |
-| Vector DB (Postgres) | `postgres-patterns`  |
-| Redis caching        | `redis-patterns`     |
-| API design           | `api-patterns`       |
+- LLM prompt design: `prompt-engineering`
+- Vector DB (Postgres): `postgres-patterns`
+- Redis caching: `redis-patterns`
+- API design: `api-patterns`
 
 ---
 

package/kits/coder/skills/api-patterns/SKILL.md

@@ -7,7 +7,16 @@ version: 2.0
 
 # API Patterns - Design Principles & Decision Making
 
-> **Philosophy:** Choose the right API style for the context. Learn to THINK, not copy fixed patterns.
+## ⚡ Quick Reference
+
+- **Style selection**: Public API → REST · Complex UI → GraphQL · TS monorepo internal → tRPC
+- **REST naming**: nouns not verbs · `GET /users` not `GET /getUsers` · HTTP method = action
+- **Status codes**: 200 OK · 201 Created · 204 Delete · 400 Bad · 401 Unauth · 403 Forbidden · 404 NotFound · 422 Validation · 429 RateLimit
+- **Pagination**: `< 1000 rows` → offset · `> 10000 rows / infinite scroll` → cursor
+- **Auth**: JWT (15min access + 7d refresh in httpOnly cookie) · Versioning: URI path `/v1/`
+- **Response envelope**: `{ data: {}, meta: { requestId, timestamp } }` · errors: `{ error: { code, message } }`
+
+---
 
 ---
 
@@ -38,13 +47,11 @@ What are your requirements?
 
 ### Resource Naming
 
-| ✅ Do               | ❌ Don't           |
-| ------------------- | ------------------ |
-| `GET /users`        | `GET /getUsers`    |
-| `GET /users/:id`    | `GET /user?id=123` |
-| `POST /users`       | `POST /createUser` |
-| `DELETE /users/:id` | `POST /deleteUser` |
-| `/users/:id/orders` | `/getUserOrders`   |
+- `GET /users`: `GET /getUsers`
+- `GET /users/:id`: `GET /user?id=123`
+- `POST /users`: `POST /createUser`
+- `DELETE /users/:id`: `POST /deleteUser`
+- `/users/:id/orders`: `/getUserOrders`
 
 ### HTTP Methods
 
@@ -108,13 +115,11 @@ What are your requirements?
 
 ### Error Code Naming
 
-| Pattern                   | Example                             |
-| ------------------------- | ----------------------------------- |
-| `RESOURCE_NOT_FOUND`      | `USER_NOT_FOUND`, `ORDER_NOT_FOUND` |
-| `RESOURCE_ALREADY_EXISTS` | `EMAIL_ALREADY_EXISTS`              |
-| `INVALID_FIELD`           | `INVALID_EMAIL`, `INVALID_PHONE`    |
-| `PERMISSION_DENIED`       | `PERMISSION_DENIED`                 |
-| `RATE_LIMITED`            | `RATE_LIMITED`                      |
+- `RESOURCE_NOT_FOUND`: `USER_NOT_FOUND`, `ORDER_NOT_FOUND`
+- `RESOURCE_ALREADY_EXISTS`: `EMAIL_ALREADY_EXISTS`
+- `INVALID_FIELD`: `INVALID_EMAIL`, `INVALID_PHONE`
+- `PERMISSION_DENIED`: `PERMISSION_DENIED`
+- `RATE_LIMITED`: `RATE_LIMITED`
 
 ---
 
@@ -161,14 +166,12 @@ Response:
 
 ### Decision Matrix
 
-| Use Case                  | Strategy |
-| ------------------------- | -------- |
-| Small dataset (<1000)     | Offset   |
-| Large dataset (>10000)    | Cursor   |
-| Frequently changing data  | Cursor   |
-| Random page access needed | Offset   |
-| Infinite scroll UI        | Cursor   |
-| Table with page numbers   | Offset   |
+- Small dataset (<1000): Offset
+- Large dataset (>10000): Cursor
+- Frequently changing data: Cursor
+- Random page access needed: Offset
+- Infinite scroll UI: Cursor
+- Table with page numbers: Offset
 
 ---
 
@@ -218,11 +221,9 @@ v1 (retired)    → Returns 410 Gone
 
 ### Strategies
 
-| Strategy           | Description                           |
-| ------------------ | ------------------------------------- |
-| **Token Bucket**   | Allows bursts, refills over time      |
-| **Sliding Window** | Smooth rate control                   |
-| **Fixed Window**   | Simple but allows burst at boundaries |
+- **Token Bucket**: Allows bursts, refills over time
+- **Sliding Window**: Smooth rate control
+- **Fixed Window**: Simple but allows burst at boundaries
 
 ### Response Headers
 
@@ -274,15 +275,13 @@ When using tRPC (TypeScript-first):
 
 ## Anti-Patterns
 
-| ❌ Don't                     | ✅ Do                         |
-| ---------------------------- | ----------------------------- |
-| Use verbs in REST endpoints  | Use nouns + HTTP methods      |
-| Return 200 for errors        | Use appropriate status codes  |
-| Expose stack traces          | Return structured error codes |
-| Skip rate limiting           | Implement from day 1          |
-| Inconsistent response format | Define envelope pattern       |
-| Version in request body      | Version in URL path           |
-| Return all fields always     | Support field selection       |
+- Use verbs in REST endpoints: Use nouns + HTTP methods
+- Return 200 for errors: Use appropriate status codes
+- Expose stack traces: Return structured error codes
+- Skip rate limiting: Implement from day 1
+- Inconsistent response format: Define envelope pattern
+- Version in request body: Version in URL path
+- Return all fields always: Support field selection
 
 ---
 
@@ -304,12 +303,10 @@ Before implementing:
 
 ## Related Skills
 
-| Need                   | Skill                   |
-| ---------------------- | ----------------------- |
-| Backend implementation | `nodejs-best-practices` |
-| Database design        | `database-design`       |
-| Security hardening     | `security-fundamentals` |
-| Testing APIs           | `testing-patterns`      |
+- Backend implementation: `nodejs-best-practices`
+- Database design: `database-design`
+- Security hardening: `security-fundamentals`
+- Testing APIs: `testing-patterns`
 
 ---
 

package/kits/coder/skills/auth-patterns/SKILL.md

@@ -8,19 +8,27 @@ priority: HIGH
 
 # Auth Patterns - Security-First Access Control
 
+## ⚡ Quick Reference
+
+- **Password**: bcrypt (cost 12) or Argon2id · Never MD5/SHA1 · No plaintext comparison
+- **JWT**: Access 15min · Refresh 7d in httpOnly SameSite=Strict cookie · RS256 for multi-service
+- **OAuth 2.0**: Authorization Code + PKCE for SPA/mobile · Client Credentials for M2M · Never Implicit flow
+- **Session**: Rotate ID after login · Invalidate on logout · SameSite=Strict cookie
+- **MFA**: TOTP (Authenticator) preferred · SMS as fallback only · Rate limit OTP attempts
+- **Rate limiting**: 5 failed logins → lockout 15min · Per-IP + per-account limits
+
+---
 > **Philosophy:** Authentication answers "Who are you?" Authorization answers "What can you do?" Both must be **server-validated**, never trust the client.
 
 ---
 
 ## Core Principles
 
-| Principle            | Rule                                                      |
-| -------------------- | --------------------------------------------------------- |
-| **Server-side**      | All auth checks happen on server, never just client       |
-| **Defense in depth** | Multiple layers: HTTPS + tokens + validation + rate limit |
-| **Least privilege**  | Grant minimum permissions needed                          |
-| **Secure defaults**  | Default deny, explicitly grant access                     |
-| **Audit everything** | Log auth events for security monitoring                   |
+- **Server-side**: All auth checks happen on server, never just client
+- **Defense in depth**: Multiple layers: HTTPS + tokens + validation + rate limit
+- **Least privilege**: Grant minimum permissions needed
+- **Secure defaults**: Default deny, explicitly grant access
+- **Audit everything**: Log auth events for security monitoring
 
 ---
 
@@ -124,13 +132,11 @@ async function requireOwnership(req, res, next) {
 
 ## Password Security
 
-| Rule                    | Implementation                             |
-| ----------------------- | ------------------------------------------ |
-| **Hash with bcrypt**    | Salt rounds: 12+                           |
-| **Min 12 characters**   | + uppercase + lowercase + number + special |
-| **Rate limit attempts** | 5 attempts per 15 min                      |
-| **Never log passwords** | Not even errors                            |
-| **Secure reset flow**   | Time-limited token via email               |
+- **Hash with bcrypt**: Salt rounds: 12+
+- **Min 12 characters**: + uppercase + lowercase + number + special
+- **Rate limit attempts**: 5 attempts per 15 min
+- **Never log passwords**: Not even errors
+- **Secure reset flow**: Time-limited token via email
 
 ### Password Flow
 
@@ -166,11 +172,9 @@ res.cookie("token", accessToken, {
 
 ## OAuth2 Simplified
 
-| Flow                   | Use Case                           |
-| ---------------------- | ---------------------------------- |
-| **Authorization Code** | Web apps with backend              |
-| **PKCE**               | SPAs, mobile apps (public clients) |
-| **Client Credentials** | Service-to-service                 |
+- **Authorization Code**: Web apps with backend
+- **PKCE**: SPAs, mobile apps (public clients)
+- **Client Credentials**: Service-to-service
 
 ### Basic OAuth2 Flow
 
@@ -214,53 +218,45 @@ Need access from JavaScript?
 
 ## Anti-Patterns (DON'T)
 
-| ❌ Anti-Pattern                  | ✅ Correct Approach            |
-| -------------------------------- | ------------------------------ |
-| Store JWT in localStorage        | httpOnly cookie or memory      |
-| Plain text passwords in DB       | bcrypt hash with salt          |
-| Long-lived access tokens (24h+)  | 15 min access + 7d refresh     |
-| Client-only auth checks          | Server validates every request |
-| Same secret for access & refresh | Separate secrets               |
-| No rate limiting on login        | 5 attempts / 15 min            |
-| JWT without expiration           | Always set `exp` claim         |
-| Hardcoded secrets in code        | Environment variables          |
+- Store JWT in localStorage: httpOnly cookie or memory
+- Plain text passwords in DB: bcrypt hash with salt
+- Long-lived access tokens (24h+): 15 min access + 7d refresh
+- Client-only auth checks: Server validates every request
+- Same secret for access & refresh: Separate secrets
+- No rate limiting on login: 5 attempts / 15 min
+- JWT without expiration: Always set `exp` claim
+- Hardcoded secrets in code: Environment variables
 
 ---
 
 ## Security Checklist
 
-| Category       | Check                                 |
-| -------------- | ------------------------------------- |
-| **Transport**  | HTTPS everywhere, HSTS enabled        |
-| **Passwords**  | bcrypt 12+, strong policy enforced    |
-| **Tokens**     | Short-lived, httpOnly, secure cookies |
-| **Rate Limit** | Login, registration, password reset   |
-| **Headers**    | CSP, X-Frame-Options, X-Content-Type  |
-| **Logging**    | Auth events logged, no sensitive data |
-| **CORS**       | Strict origin whitelist               |
+- **Transport**: HTTPS everywhere, HSTS enabled
+- **Passwords**: bcrypt 12+, strong policy enforced
+- **Tokens**: Short-lived, httpOnly, secure cookies
+- **Rate Limit**: Login, registration, password reset
+- **Headers**: CSP, X-Frame-Options, X-Content-Type
+- **Logging**: Auth events logged, no sensitive data
+- **CORS**: Strict origin whitelist
 
 ---
 
 ## 🔴 Self-Check Before Completing
 
-| Check                      | Question                       |
-| -------------------------- | ------------------------------ |
-| ✅ **Server validated?**   | All auth happens server-side?  |
-| ✅ **Tokens secure?**      | httpOnly, secure, short-lived? |
-| ✅ **Passwords hashed?**   | bcrypt with 12+ rounds?        |
-| ✅ **Rate limited?**       | Login endpoint protected?      |
-| ✅ **HTTPS?**              | All traffic encrypted?         |
-| ✅ **No secrets in code?** | Environment variables only?    |
+- ✅ **Server validated?**: All auth happens server-side?
+- ✅ **Tokens secure?**: httpOnly, secure, short-lived?
+- ✅ **Passwords hashed?**: bcrypt with 12+ rounds?
+- ✅ **Rate limited?**: Login endpoint protected?
+- ✅ **HTTPS?**: All traffic encrypted?
+- ✅ **No secrets in code?**: Environment variables only?
 
 ---
 
 ## Related Skills
 
-| Need              | Skill                   |
-| ----------------- | ----------------------- |
-| API design        | `api-patterns`          |
-| Security auditing | `security-fundamentals` |
-| Database design   | `database-design`       |
+- API design: `api-patterns`
+- Security auditing: `security-fundamentals`
+- Database design: `database-design`
 
 ---